Q131. DRAG DROP
Drag and drop the NAT operations on the left into the correct sequential order on the right.
Q132. DRAG DROP
Drag and drop each DHCP term on the left to the corresponding definition on the right.
Q133. Refer to the exhibit.
Which statement about this GET VPN configuration is true?
A. Router 1 acts as the primary key server because it has a higher priority.
B. An RSA key has been imported into the configuration.
C. The GDOI group configuration generated a key.
D. DPD is disabled.
Q134. What is the destination address of an IGMPv2 general membership query?
D. the multicast group address
Q135. Refer to the exhibit.
If a connection failure occurs between R1 and R2, which two actions can you take to allow CR-1 to reach the subnet 192.168.192.0/24 on R2? (Choose two.)
A. Create a static route on R1 for subnet 192.168.192.0/24 towards R3 and redistribute it into OSPF.
B. Turn up a BGP session between CR-1 and R1.
C. Create a static route on R1 for subnet 192.168.192.0/24 towards R3 and redistribute it into BGP.
D. Turn up an EIGRP session between R1 and R3 with AS 65535.
E. Create an OSPF virtual link between CR-1 and R2 to bypass R1.
Q136. Refer to the exhibit.
Which BGP feature is being used?
A. fast session deactivation
B. graceful restart
D. graceful shutdown
Q137. Which algorithm heavily influenced the algorithm used by path-vector protocols?
A path vector protocol is a computer network routing protocol which maintains the path information that gets updated dynamically. Updates which have looped through the network and returned to the same node are easily detected and discarded. This algorithm is sometimes used in Bellman–Ford routing algorithms to avoid "Count to Infinity" problems.
Q138. Refer to the exhibit.
You have just created a new VRF on PE3. You have enabled debug ip bgp vpnv4 unicast updates on PE1, and you can see the route in the debug, but not in the BGP VPNv4 table.
Which two statements are true? (Choose two.)
A. VPNv4 is not configured between PE1 and PE3.
B. address-family ipv4 vrf is not configured on PE3.
C. After you configure route-target import 999:999 for a VRF on PE3, the route will be accepted.
D. PE1 will reject the route due to automatic route filtering.
E. After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted.
The route target extended community for VPLS auto-discovery defines the import and export policies that a VPLS instance uses. The export route target sets an extended community attribute number that is appended to all routes that are exported from the VPLS instance. The import route target value sets a filter that determines the routes that are accepted into the VPLS instance. Any route with a value in its import route target contained in its extended attributes field matching the value in the VPLS instance’s import route target are accepted. Otherwise the route is rejected.
Q139. Refer to the exhibit.
R3 is failing to join the multicast group 188.8.131.52 that is sourcing from R1. Which two actions can you take to allow multicast traffic to flow correctly? (Choose two.)
A. Remove the static multicast route on R1.
B. Configure OSPF on R1 and R3 to include the tunnel interfaces.
C. Add an additional static multicast route on R2 for multicast group 184.108.40.206 toward R3.
D. Replace the static multicast route on R1 to send traffic toward R2.
E. Remove the static unicast route on R1.
F. Add an additional static unicast route on R2 toward the loopback interface of R3.
Since the tunnel interfaces are not part of OSPF, the best path to the multicast source of R1 from R3 would be over the Gi0/0 path via OSPF. However, the static mroute is configured to use the tunnel, so this causes an RPF failure used in Sparse Mode. Best fix is to add the tunnel interfaces into OSPF and remove the static mroute so that that the RPF check no longer fails.
Q140. EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.)
A. Received packets are authenticated by the key with the smallest key ID.
B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys.
C. Received packets are authenticated by any valid key that is chosen.
D. Sent packets are authenticated by the key with the smallest key ID.
Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work:
Router1(config)#key chain KeyChainR1
Router2(config)#key chain KeyChainR2
Apply these key chains to R1 & R2:
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip authentication mode eigrp 1 md5
Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1
Router2(config)#interface fastEthernet 0/0
Router2(config-if)#ip authentication mode eigrp 1 md5
Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2
There are some rules to configure MD5 authentication with EIGRP:
+ The key chain names on two routers do not have to match (in this case the name “KeyChainR1 & “KeyChainR2 do not match)
+ The key number and key-string on the two potential neighbors must match (for example “key 1 & “key-string FirstKey” must match on “key 1” & “key-string FirstKey” of neighboring router) Also some facts about MD5 authentication with EIGRP
+ When sending EIGRP messages the lowest valid key number is used -> D is correct.
+ When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate. As mentioned above, although answer C is not totally correct but it puts some light on why
answer B is not correct: each packet is NOT “replicated as many times as the number of existing valid keys”. All currently configured valid keys are verified but the lowest valid one will be used.
To know more about the 400-101, click here.